Benchmarking Terminology for Firewall Performance
RFC 2647
|
Document |
Type |
|
RFC - Informational
(August 1999; No errata)
|
|
Author |
|
David Newman
|
|
Last updated |
|
2013-03-02
|
|
Stream |
|
IETF
|
|
Formats |
|
plain text
html
pdf
htmlized
bibtex
|
Stream |
WG state
|
|
(None)
|
|
Document shepherd |
|
No shepherd assigned
|
IESG |
IESG state |
|
RFC 2647 (Informational)
|
|
Consensus Boilerplate |
|
Unknown
|
|
Telechat date |
|
|
|
Responsible AD |
|
(None)
|
|
Send notices to |
|
(None)
|
Network Working Group D. Newman
Request for Comments: 2647 Data Communications
Category: Informational August 1999
Benchmarking Terminology for Firewall Performance
Status of this Memo
This memo provides information for the Internet community. It does
not specify an Internet standard of any kind. Distribution of this
memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (1999). All Rights Reserved.
Table of Contents
1. Introduction...................................................2
2. Existing definitions...........................................2
3. Term definitions...............................................3
3.1 Allowed traffic...............................................3
3.2 Application proxy.............................................3
3.3 Authentication................................................4
3.4 Bit forwarding rate...........................................5
3.5 Circuit proxy.................................................6
3.6 Concurrent connections........................................6
3.7 Connection....................................................7
3.8 Connection establishment......................................9
3.9 Connection establishment time.................................9
3.10 Connection maintenance......................................10
3.11 Conection overhead..........................................11
3.12 Connection teardown.........................................11
3.13 Connection teardown time....................................12
3.14 Data source.................................................12
3.15 Demilitarized zone..........................................13
3.16 Firewall....................................................13
3.17 Goodput.....................................................14
3.18 Homed.......................................................15
3.19 Illegal traffic.............................................15
3.20 Logging.....................................................16
3.21 Network address translation.................................16
3.22 Packet filtering............................................17
3.23 Policy......................................................17
3.24 Protected network...........................................18
3.25 Proxy.......................................................19
3.26 Rejected traffic............................................19
Newman Informational [Page 1]
RFC 2647 Firewall Performance Terminology August 1999
3.27 Rule set....................................................20
3.28 Security association........................................20
3.29 Stateful packet filtering...................................21
3.30 Tri-homed...................................................22
3.31 Unit of transfer............................................22
3.32 Unprotected network.........................................23
3.33 User........................................................23
4. Security considerations.......................................24
5. References....................................................25
6. Acknowledgments...............................................25
7. Contact Information...........................................25
8. Full Copyright Statement......................................26
1. Introduction
This document defines terms used in measuring the performance of
firewalls. It extends the terminology already used for benchmarking
routers and switches with definitions specific to firewalls.
Forwarding rate and connection-oriented measurements are the primary
metrics used in this document.
Why do we need firewall performance measurements? First, despite the
rapid rise in firewall deployment, there is no standard method of
performance measurement. Second, implementations vary widely, making
it difficult to do direct performance comparisons. Finally, more and
more organizations are deploying firewalls on internal networks
operating at relatively high speeds, while most firewall
implementations remain optimized for use over relatively low-speed
wide-area connections. As a result, users are often unsure whether
the products they buy will stand up to relatively heavy loads.
2. Existing definitions
This document uses the conceptual framework established in RFCs 1242
and 2544 (for routers) and RFC 2285 (for switches). The router and
switch documents contain discussions of several terms relevant to
benchmarking the performance of firewalls. Readers should consult the
router and switch documents before making use of this document.
This document uses the definition format described in RFC 1242,
Show full document text